Skip to content
View yatuk's full-sized avatar
🏠
Working from home
🏠
Working from home

Block or report yatuk

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
yatuk/README.md

Fatih Serdar Çakmak

SOC Analyst Intern · Blue Team · Detection & Incident Response

typing

linkedin portfolio location

~/whoami

name:         Fatih Serdar Çakmak
role:         SOC Analyst Intern  ·  Computer Engineering Student
focus:        [ SOC Operations, Alert Triage, Incident Response, Detection ]
currently:    SOC Intern @ Fibabanka (BDDK-regulated banking SOC)
building:     [ Tamga - LLM security proxy, MCPRadar - MCP scanner, SOC n8n playbooks ]
education:    B.Sc. Computer Engineering @ ITU (expected 2027)
learning:     Detection-as-Code · AI/LLM Security · Threat Hunting
philosophy:   "Most alerts are noise. The interesting part is the few that aren't."
ask_me_about: [ SIEM, MITRE ATTACK, SOAR, Blue Team, LLM Security, Go, Python ]

I'm a Computer Engineering student who spends most of his time inside a SOC. Day to day that means triaging alerts, killing false positives, and tweaking SOAR playbooks so the signal surfaces faster. Mostly I'm learning what incidents actually look like before they reach an analyst, and how much of a working SOC quietly runs on automation.

Off the clock I build security tooling for AI systems: a proxy that sits in front of LLM traffic, a scanner for MCP servers, and n8n playbooks that handle the repetitive half of SOC work. Everything is open source and linked below.

~/experience

[ Mar 2026 -> Present ]  Fibabanka          ·  Cybersecurity Operations (SOC) Intern
                         └─ SIEM/EDR alert triage · CTI review · incident docs · AI-assisted triage

[ Jul 2025 -> Mar 2026 ]  Doğuş Teknoloji   ·  Cybersecurity and Incident Response Intern
                         └─ SIEM/SOAR/EDR/NDR triage · phishing playbooks · L1 IR · AD and log monitoring

~/tech-stack

🛡️ Security · SOC · Detection

SIEM Cortex XSOAR EDR / NDR MITRE ATT&CK Wireshark n8n

💻 Languages

Python Go C C++ SQL

🧰 Infrastructure and Tooling

Docker FastAPI Next.js PostgreSQL Linux Active Directory Git

📋 Compliance and Frameworks

BDDK ISO 27001

~/projects

🛡️ Tamga · Self-Hosted LLM Security Proxy

Go Python Next.js AGPL-3.0 stars

A proxy you host yourself, sitting between your app and the LLM provider (OpenAI, Anthropic, Azure, Vertex). It redacts PII like TC Kimlik and IBAN numbers before they leave your network, blocks leaked secrets, and flags prompt injection. The static scanner is an Aho-Corasick DFA, so scanning a request costs well under a millisecond. There are compliance mappings for KVKK, BDDK, GDPR and PCI-DSS, plus hash-chained audit logs and a Next.js incident dashboard. Go proxy, Python (FastAPI) analyzer. CI runs a 309-prompt adversarial suite on every change.

📡 MCPRadar · Security Scanner for MCP Servers

Python PyPI MIT stars

Checks Model Context Protocol servers for tool poisoning, prompt injection, and supply-chain rug pulls before your agent runs them. Six detection rules cover zero-width Unicode, injection patterns, encoded blobs, hidden HTML/Markdown, permission scope mismatches, and dangerous tool names. Output is SARIF, so findings land in the GitHub Security tab, and SQLite snapshot diffing catches servers that quietly change their schema after you approved them. Runs with uvx mcpradar scan ..., no install needed. Public leaderboard at yatuk.github.io/mcpradar.

⚙️ SOC n8n Workflows · SOC Automation Playbooks for n8n

n8n JSON MIT stars

Ten SOC automation playbooks for n8n: LLM-assisted alert triage, phishing analysis, IOC enrichment, human-approved containment, CVE watch, and reporting. Each workflow is import-ready JSON with no secrets baked in; you wire up credentials on your own instance. The patterns come from things I actually deal with on shift.

🎯 SOC Simulation · SIEM / SOAR / EDR Alert Triage Simulation

Python MITRE ATT&CK stars

A simulated shift as a SOC analyst: 127 alerts, 126 false positives, 1 real threat, 6 coffees. It walks through SIEM/SOAR/EDR triage with MITRE ATT&CK mapping. Finding the one real threat is the easy part. Staying sharp through the 126 alerts before it is not. Live at yatuk.github.io/soc-simulation.

🗄️ WDI Analytics · Full-Stack Data Platform

Flask React TypeScript MySQL Docker

A platform for exploring World Bank development indicators across six domains (countries, health, emissions, energy, freshwater, sustainability). A Flask blueprint API sits behind a React + TypeScript SPA. Access is role-based (admin / editor / viewer), all SQL is parameterized, and every change is audit-logged. The frontend has Chart.js trends, a Leaflet world map, CSV export, and server-side pagination. Ships with Docker Compose, Alembic migrations, pytest, and CI. Term project for BLG-317E at ITU.

Astro TypeScript

Terminal-themed personal site built with Astro 5. Boot animation, a SOC-dashboard recruiter view, and bilingual content.

~/github-stats

stats top langs
contribution snake

"Security is a process, not a product." · Bruce Schneier

Pinned Loading

  1. tamga tamga Public

    Self-hosted LLM security proxy. PII redaction, prompt injection defense, KVKK/GDPR/PCI-DSS compliance. Sub-millisecond latency.

    Go 26 1

  2. soc-n8n-workflows soc-n8n-workflows Public

    🛡️ 10 production-shaped SOC automation playbooks for n8n LLM-assisted alert triage, phishing analysis, IOC enrichment, human-approved containment, CVE watch & SOC reporting. Import-ready JSON, zero…

    JavaScript 8

  3. itu-mcp itu-mcp Public

    İTÜ Ninova + OBS’yi Claude, Cursor ve Codex’e bağlayan yerel MCP sunucusu. Ders, ödev, not, transkript ve daha fazlası.

    JavaScript 6

  4. soc-simulation soc-simulation Public

    SOC Analyst portfolyo projesi | 127 alert, 126 false positive, 1 gerçek tehdit, 6 kahve | SIEM/SOAR/EDR simülasyonu

    Python 3

  5. mcpradar mcpradar Public

    Security scanner for Model Context Protocol servers. Catch tool poisoning, prompt injection, and supply-chain attacks before your ▎ AI agent runs them.

    Python 1

  6. Database-Management-System Database-Management-System Public

    Forked from s4l1hs/Database-Management-System

    A comprehensive database management and visualization platform for World Development Indicators (WDI) data. Flask REST API + React SPA with role-based access control."

    Python 1